Ekrn.exe UDP Port Usage?

[itman 1,659]

I just noticed that ekrn.exe has this UDP port continuously allocated? It doesn't appear to be listening on that port. I don't know any reason why it would allocate a port in this fashion?

 

[ken1943 22]

I don't show it.

[itman 1,659]

That UDP connection is gone today. Strange .........

 

Yesterday, I rebooted after I posted and connection wasn't initially there but later reappeared. Again I know of no reason why ekrn.exe should be permanently allocating a UDP port.

 

-EDIT- I will also add that in addition to the TCPView screen I posted noting the ekrn.exe UDP connection, I also verified through additional means. First, I used Eset's network connections tool that strangely did not show the ekrn.exe connection? Then, I executed netstat from the command prompt which indeed verified the ekrn.exe UDP port allocation.

Edited July 15, 2016 by itman

[itman 1,659]

Ok, something definitely is not right here.

 

I created a firewall rule to specifically monitor and block and Eset UDP traffic. Coming out of stand-by mode, I get an alert from ekrn.exe trying to establish a DNS connection to my DNS provider, VeriSign. It did appear this was related to auto Eset update activity since I also received an alert from the Eset firewall on TCP inbound activity from an Eset update server URL. Note that this was not a statefull connection since the firewall would have allowed it. 

 

I need an explanation on why Eset is performing DNS resolution which should only be performed by svchost.exe.

 

 

 

[itman 1,659]

Mystery solved.

 

Appears Eset pre-allocates a source UPD port for ekrn.exe DNS use. A bit unconventional since I have never seen any other app or security software ever do so, but acceptable.